| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 1 | local mirko = import "../../kube/mirko.libsonnet"; |
| 2 | local kube = import "../../kube/kube.libsonnet"; |
| 3 | |
| 4 | { |
| 5 | hswaw(name):: mirko.Environment(name) { |
| 6 | local env = self, |
| 7 | local cfg = self.cfg, |
| 8 | |
| 9 | cfg+: { |
| 10 | smsgw: { |
| 11 | secret: { |
| 12 | twilio_token: error "twilio_token must be set", |
| 13 | }, |
| 14 | image: "registry.k0.hswaw.net/q3k/smsgs:1570049853-05c5b491c45de6d960979d4aee8635768f3178e9", |
| 15 | webhookFQDN: error "webhookFQDN must be set", |
| 16 | }, |
| Sergiusz Bazanski | 5b86662 | 2019-10-18 14:54:36 +0200 | [diff] [blame] | 17 | ldapweb: { |
| 18 | # Manually built from code.hackerspace.pl/q3k/ldap-web-public. |
| 19 | image: "registry.k0.hswaw.net/q3k/ldap-web:1571402374", |
| 20 | |
| 21 | webFQDN: error "webFQDN must be set", |
| 22 | }, |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 23 | }, |
| 24 | |
| 25 | components: { |
| 26 | smsgw: mirko.Component(env, "smsgw") { |
| 27 | local smsgw = self, |
| 28 | cfg+: { |
| 29 | image: cfg.smsgw.image, |
| 30 | container: smsgw.GoContainer("main", "/smsgw/smsgw") { |
| 31 | env_: { |
| 32 | TWILIO_TOKEN: kube.SecretKeyRef(smsgw.secret, "twilio_token"), |
| 33 | }, |
| 34 | command+: [ |
| 35 | "-twilio_friendly_phone", "48732168371", |
| 36 | "-twilio_sid", "AC806ed4bf4b6c80c8f8ea686379b69518", |
| 37 | "-twilio_token", "$(TWILIO_TOKEN)", |
| 38 | "-webhook_listen", "0.0.0.0:5000", |
| 39 | "-webhook_public", "https://%s/" % [ env.cfg.smsgw.webhookFQDN ], |
| 40 | ], |
| 41 | }, |
| 42 | ports+: { |
| 43 | publicHTTP: { |
| 44 | webhook: { |
| 45 | port: 5000, |
| 46 | dns: env.cfg.smsgw.webhookFQDN, |
| 47 | } |
| 48 | }, |
| 49 | }, |
| 50 | }, |
| 51 | |
| 52 | secret: kube.Secret("smsgw") { |
| 53 | metadata+: smsgw.metadata, |
| 54 | data: env.cfg.smsgw.secret, |
| 55 | }, |
| 56 | |
| 57 | // Temporary machinery to access gRPC from outsite. |
| 58 | // In the future, this will be handled by a proxy/API gateway. |
| 59 | // For now, we need this running. |
| 60 | // TODO(q3k): remove this when we have an API GW or proxy. |
| 61 | stopgap: { |
| Sergiusz Bazanski | cccf5ec | 2019-10-17 19:56:15 +0200 | [diff] [blame] | 62 | local stopgap = self, |
| 63 | |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 64 | rpcLB: kube.Service("smsgw-tcp-rpc") { |
| 65 | metadata+: smsgw.metadata, |
| 66 | target_pod: smsgw.deployment.spec.template, |
| 67 | spec+: { |
| 68 | type: "LoadBalancer", |
| 69 | ports: [ |
| 70 | { name: "grpc-external", port: 443, targetPort: 4200 }, |
| 71 | ], |
| 72 | }, |
| 73 | }, |
| 74 | |
| Sergiusz Bazanski | cccf5ec | 2019-10-17 19:56:15 +0200 | [diff] [blame] | 75 | mkClientCert(name, cn):: kube.Certificate(name) { |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 76 | metadata+: smsgw.metadata, |
| 77 | spec: { |
| Sergiusz Bazanski | cccf5ec | 2019-10-17 19:56:15 +0200 | [diff] [blame] | 78 | secretName: name, |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 79 | duration: "35040h0m0s", // 4 years |
| 80 | issuerRef: { |
| 81 | // Contract with cluster/lib/pki.libsonnet. |
| 82 | // Copied over. |
| 83 | name: "pki-ca", |
| 84 | kind: "ClusterIssuer", |
| 85 | }, |
| Sergiusz Bazanski | cccf5ec | 2019-10-17 19:56:15 +0200 | [diff] [blame] | 86 | commonName: cn, |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 87 | }, |
| 88 | }, |
| Sergiusz Bazanski | cccf5ec | 2019-10-17 19:56:15 +0200 | [diff] [blame] | 89 | |
| 90 | kasownikCert: stopgap.mkClientCert("smsgw-tcp-rpc-consumer", "kasownik.external.hswaw.net"), |
| 91 | piorekfCert: stopgap.mkClientCert("smsgw-tcp-rpc-piorekf", "piorekf.person.hswaw.net"), |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 92 | } |
| 93 | }, |
| Sergiusz Bazanski | 5b86662 | 2019-10-18 14:54:36 +0200 | [diff] [blame] | 94 | |
| 95 | ldapweb: mirko.Component(env, "ldapweb") { |
| 96 | local ldapweb = self, |
| 97 | cfg+: { |
| 98 | image: cfg.ldapweb.image, |
| 99 | volumes+: { |
| 100 | config: kube.ConfigMapVolume(ldapweb.configmap), |
| 101 | }, |
| 102 | container: ldapweb.Container("main") { |
| 103 | # Starts by default on port 8000. |
| 104 | volumeMounts_+: { |
| 105 | config: { mountPath: "/app/webapp/config.py", subPath: "config.py", }, |
| 106 | }, |
| 107 | }, |
| 108 | ports+: { |
| 109 | publicHTTP: { |
| 110 | web: { |
| 111 | port: 8000, |
| 112 | dns: env.cfg.ldapweb.webFQDN, |
| 113 | }, |
| 114 | }, |
| 115 | }, |
| 116 | }, |
| 117 | |
| 118 | configmap: kube.ConfigMap(ldapweb.makeName("config")) { |
| 119 | metadata+: ldapweb.metadata, |
| 120 | data: { |
| 121 | "config.py": ||| |
| 122 | # -*- coding: utf-8 -*- |
| 123 | import flask_wtf |
| 124 | import wtforms |
| 125 | ldap_url = 'ldap://ldap.hackerspace.pl' |
| 126 | dn_format = "uid=%s,ou=people,dc=hackerspace,dc=pl" |
| 127 | |
| 128 | admin_dn = 'cn=ldapweb,ou=Services,dc=hackerspace,dc=pl' |
| 129 | admin_pw = 'unused' |
| 130 | |
| 131 | hackerspace_name = 'Warsaw Hackerspace' |
| 132 | |
| 133 | readable_names = { |
| 134 | 'commonname': u'Common Name', |
| 135 | 'givenname': u'Given Name', |
| 136 | 'gecos': u'GECOS (public name)', |
| 137 | 'surname': u'Surname', |
| 138 | 'loginshell': u'Shell', |
| 139 | 'telephonenumber': 'Phone Number', |
| 140 | 'mobiletelephonenumber': 'Mobile Number', |
| 141 | 'sshpublickey': 'SSH Public Key', |
| 142 | } |
| 143 | |
| 144 | full_name = { |
| 145 | 'cn': 'commonname', |
| 146 | 'gecos': 'gecos', |
| 147 | 'sn': 'surname', |
| 148 | 'mobile': 'mobiletelephonenumber', |
| 149 | 'l': 'locality', |
| 150 | } |
| 151 | |
| 152 | can_add = set([ |
| 153 | 'telephonenumber', |
| 154 | 'mobiletelephonenumber', |
| 155 | 'sshpublickey', |
| 156 | ]) |
| 157 | can_delete = can_add |
| 158 | can_modify = can_add | set([ |
| 159 | 'givenname', 'surname', 'commonname', 'gecos', |
| 160 | ]) |
| 161 | can = { 'add':can_add, 'mod':can_modify, 'del':can_delete } |
| 162 | admin_required = set() |
| 163 | |
| 164 | |
| 165 | perm_errors = { |
| 166 | 'add': 'You cannot add this attribute!', |
| 167 | 'mod': 'You cannot change this attribute!', |
| 168 | 'del': 'You cannot delete this attribute!', |
| 169 | } |
| 170 | std_templates = { |
| 171 | 'add': 'ops/add.html', |
| 172 | 'mod': 'ops/mod.html', |
| 173 | 'del': 'ops/del.html', |
| 174 | } |
| 175 | |
| 176 | |
| 177 | |
| 178 | default_field = (wtforms.fields.StringField, {}) |
| 179 | fields = { 'telephonenumber': (wtforms.fields.StringField, {'validators': [wtforms.validators.Regexp(r'[+0-9 ]+')]})} |
| 180 | |
| 181 | kadmin_passwd = True |
| 182 | kadmin_principal_map = "{}@HACKERSPACE.PL" |
| 183 | |
| 184 | TOKEN_LENGTH = 32 |
| 185 | |||, |
| 186 | }, |
| 187 | }, |
| 188 | }, |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 189 | }, |
| 190 | }, |
| 191 | |
| 192 | prod: self.hswaw("hswaw-prod") { |
| 193 | cfg+: { |
| 194 | smsgw+: { |
| 195 | secret+: { |
| 196 | twilio_token: std.base64(std.split(importstr "secrets/plain/prod-twilio-token", "\n")[0]), |
| 197 | }, |
| 198 | webhookFQDN: "smsgw-webhook-prod.hswaw.net", |
| Sergiusz Bazanski | 5b86662 | 2019-10-18 14:54:36 +0200 | [diff] [blame] | 199 | }, |
| 200 | ldapweb+: { |
| Sergiusz Bazanski | 831a54a | 2019-10-20 17:38:22 +0200 | [diff] [blame] | 201 | webFQDN: "profile.hackerspace.pl", |
| Sergiusz Bazanski | 5b86662 | 2019-10-18 14:54:36 +0200 | [diff] [blame] | 202 | }, |
| Sergiusz Bazanski | 6f773e0 | 2019-10-02 20:46:48 +0200 | [diff] [blame] | 203 | }, |
| 204 | }, |
| 205 | } |